Microsoft has announced that it will release nine bulletins to address a total of 11 vulnerabilities on its next Patch Tuesday.
Scheduled for release next Tuesday 14th, the nine bulletins will address 11 vulnerabilities affecting Windows, Internet Information Services (IIS) and Microsoft Office. Four carry a critical rating for remote code execution flaws in Windows and Office, while five important patches cover remote code execution and elevation of privilege exploits in Windows.
Don Leatham, senior director of solutions and strategy at Lumension, said: “This month shows the fruit of Microsoft's efforts to make their latest platforms and products more secure and should encourage organisations to continue to move away from the Windows XP and Windows Server 2003.
“As an added benefit, this Patch Tuesday will practically be a non-event for organisations running Windows 7 and Server 2008 R2. Organisations stuck on Windows XP and Server 2003 need to take a hard look at the cost and risk factors associated with staying on these dated platforms.
“While Microsoft's bulletin might be considered light this month, given how critical the updates were in August, IT teams still need to be vigilant in reviewing previous month's Microsoft patch deployments, as well as all other vendor updates.”
Wolfgang Kandek, CTO at Qualys, said: “Once again, Windows 7 and Windows Server 2008 R2 are less problematic and are not affected by three of the four critical vulnerabilities and have a downgraded severity of ‘important' for the last one.
“I expect some of the bulletins to address DLL hijacking issues in Microsoft's own products, but it will be interesting to see if Microsoft will change its guidance for Hotfix KB2264107. Currently it is only at the advisory level and users have to make an active decision to get protection against DLL hijacking in third party applications.
“As last month, Windows XP SP2 users do not have any patches supplied to them, even though the majority of updates for XP SP3 most likely apply to their discontinued version of the OS as well. Windows XP SP2 users should upgrade to SP3 as quickly as possible.”